From 4fc35c829c300f978743a9bc56aa07fa47dc4337 Mon Sep 17 00:00:00 2001 From: Harry Sintonen Date: Fri, 6 May 2022 16:25:19 +0200 Subject: [PATCH] sectransp: bail out if SSLSetPeerDomainName fails Before the code would just warn about SSLSetPeerDomainName() errors. Closes #8798 --- lib/vtls/sectransp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 8ee8fe997..2e57d8378 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -2045,8 +2045,9 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen); if(err != noErr) { - infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d", + failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d", err); + return CURLE_SSL_CONNECT_ERROR; } if((Curl_inet_pton(AF_INET, hostname, &addr))